
Is it not standard practice to make different keys for different important services?

I have a private key for my prod server, a private key for GitHub, and a private junk key for authenticating to misc stuff. I can discard any without affecting anything else that's important.

If I authenticated with my junk key, would my other keys still be at risk?




> If I authenticated with my junk key, would my other keys still be at risk?

Yes, if you authenticate with your junk key (or no key), and SSH agent forwarding is enabled, you are still at risk. It lets the remote machine log in to any server with any keys that are on your local SSH agent. Parent's link shows how this can be abused.

Fortunately, it's disabled by default, at least on newer versions.


It's a good practice, but it's somewhat against the grain of ssh defaults. It's not surprising that many people stick to the defaults.


It’s a practice, but not necessarily a standard one. In any case if even one person sees that, the advice will have served its purpose.


TIL. The good news, I guess, is I only ssh into my hosting platforms and GitHub, who have a reason to protect my data since I pay them.

Still I'll be sure to break up my keys more going forward and disable SSH forwarding.


Disabling agent forwarding is the important bit.

But if you do want to break up your keys more, make sure you specify IdentityFile and IdentitiesOnly in the per-host definitions in your ssh config.

By default, assuming you use an ssh agent (no forwarding) with multiple keys and a default ssh config, the behavior is to just try to auth with every key in order.

So if you're worried about the ssh server identifying you, you're still exposing yourself. I don't think this is much of a concern but worth noting.

Slightly more important: you're wasting time during the initial connection to fail authentication a few times. This can matter more with higher latency.

Even more important: sshd has a configurable number of times a client is allowed to fail authentication in a session attempt. If you have too many other keys in your agent you will just fail to auth before it tries the key that is actually valid for that host.
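The two points raised in this thread, keeping agent forwarding off and pinning one key per host with IdentityFile plus IdentitiesOnly, both live in the client's `~/.ssh/config`. The fragment below is an added example, not something posted by any commenter; the hostnames, key file names and the `Host` aliases are made-up placeholders.

```sshconfig
# ~/.ssh/config (added example; hostnames and key paths are placeholders)

# Global defaults: apply to every host not matched more specifically above.
# ForwardAgent no is already the OpenSSH default, but stating it makes the
# intent explicit and survives a distro or tool that flips it on.
Host *
    ForwardAgent no
    # Do not let the agent offer every loaded key; only use keys named by
    # IdentityFile for the matching Host block. This avoids leaking which
    # other public keys you hold and avoids burning through the server's
    # failed-attempt budget before the right key is tried.
    IdentitiesOnly yes
    AddKeysToAgent no

# Production server: its own key, nothing else offered.
Host prod
    HostName prod.example.invalid
    User deploy
    IdentityFile ~/.ssh/id_ed25519_prod

# GitHub: a separate key, so revoking it touches nothing else.
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github

# Everything else gets the low-value "junk" key.
Host misc-*
    IdentityFile ~/.ssh/id_ed25519_junk
```

With IdentitiesOnly set, ssh sends only the key listed for the matching block even if the agent holds several; `ssh -G prod` prints the effective options for a host so you can confirm which IdentityFile and ForwardAgent values actually apply. The per-session failure budget mentioned above is the server's `MaxAuthTries` in `sshd_config`; each key the client offers and the server rejects counts against it.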


The only reason/benefit for using different keys is to prevent someone from correlating your identity across different services... if you're worried about that, go ham.


If anything it's more standard practice to have agent forwarding disabled, since that's the default.



